tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 2885


Megaco Protocol version 0.8

Part 3 of 6, p. 55 to 76
Prev RFC Part       Next RFC Part


prevText      Top      Up      ToC       Page 55 
7.3 Command Error Codes

   Errors consist of an IANA registered error code and an explanatory
   string.  Sending the explanatory string is optional.  Implementations
   are encouraged to append diagnostic information to the end of the

   When a MG reports an error to a MGC, it does so in an error
   descriptor.  An error descriptor consists of an error code and
   optionally the associated explanatory string.

   The identified error codes are:

        400 - Bad Request
        401 - Protocol Error
        402 - Unauthorized
        403 - Syntax Error in Transaction
        404 - Syntax Error in TransactionReply
        405 - Syntax Error in TransactionPending
        406 - Version Not Supported
        410 - Incorrect identifier
        411 - The transaction refers to an unknown ContextId
        412 - No ContextIDs available

        421 - Unknown action or illegal combination of actions
        422 - Syntax Error in Action
        430 - Unknown TerminationID
        431 - No TerminationID matched a wildcard
        432 - Out of TerminationIDs or No TerminationID available
        433 - TerminationID is already in a Context
        440 - Unsupported or unknown Package
        441 - Missing RemoteDescriptor
        442 - Syntax Error in Command
        443 - Unsupported or Unknown Command
        444 - Unsupported or Unknown Descriptor
        445 - Unsupported or Unknown Property
        446 - Unsupported or Unknown Parameter
        447 - Descriptor not legal in this command
        448 - Descriptor appears twice in a command
        450 - No such property in this package
        451 - No such event in this package
        452 - No such signal in this package
        453 - No such statistic in this package
        454 - No such parameter value in this package
        455 - Parameter illegal in this Descriptor
        456 - Parameter or Property appears twice in this Descriptor
        461 - TransactionIDs in Reply do not match Request

Top      Up      ToC       Page 56 
        462 - Commands in Transaction Reply do not match commands in
        463 - TerminationID of Transaction Reply does not match
        464 - Missing reply in Transaction Reply
        465 - TransactionID in Transaction Pending does not match any
              open request
        466 - Illegal Duplicate Transaction Request
        467 - Illegal Duplicate Transaction Reply
        471 - Implied Add for Multiplex failure

        500 - Internal Gateway Error
        501 - Not Implemented
        502 - Not ready.
        503 - Service Unavailable
        504 - Command Received from unauthorized entity
        505 - Command Received before Restart Response
        510 - Insufficient resources
        512 - Media Gateway unequipped to detect requested Event
        513 - Media Gateway unequipped to generate requested Signals
        514 - Media Gateway cannot send the specified announcement
        515 - Unsupported Media Type
        517 - Unsupported or invalid mode
        518 - Event buffer full
        519 - Out of space to store digit map
        520 - Media Gateway does not have a digit map
        521 - Termination is "ServiceChangeing"
        526 - Insufficient bandwidth
        529 - Internal hardware failure
        530 - Temporary Network failure
        531 - Permanent Network failure
        581 - Does Not Exist


   Commands between the Media Gateway Controller and the Media Gateway
   are grouped into Transactions, each of which is identified by a
   TransactionID.  Transactions consist of one or more Actions.  An
   Action consists of a series of Commands that are limited to operating
   within a single Context.   Consequently each Action typically
   specifies a ContextID.  However, there are two circumstances where a
   specific ContextID is not provided with an Action.  One is the case
   of modification of a Termination outside of a Context.  The other is
   where the controller requests the gateway to create a new Context.
   Following is a graphic representation of the Transaction, Action and
   Command relationships.

Top      Up      ToC       Page 57 
       | Transaction x                                            |
       |  +----------------------------------------------------+  |
       |  | Action 1                                           |  |
       |  | +---------+  +---------+  +---------+  +---------+ |  |
       |  | | Command |  | Command |  | Command |  | Command | |  |
       |  | |    1    |  |    2    |  |    3    |  |    4    | |  |
       |  | +---------+  +---------+  +---------+  +---------+ |  |
       |  +----------------------------------------------------+  |
       |                                                          |
       |  +----------------------------------------------------+  |
       |  | Action 2                                           |  |
       |  | +---------+                                        |  |
       |  | | Command |                                        |  |
       |  | |    1    |                                        |  |
       |  | +---------+                                        |  |
       |  +----------------------------------------------------+  |
       |                                                          |
       |  +----------------------------------------------------+  |
       |  | Action 3                                           |  |
       |  | +---------+  +---------+  +---------+              |  |
       |  | | Command |  | Command |  | Command |              |  |
       |  | |    1    |  |    2    |  |    3    |              |  |
       |  | +---------+  +---------+  +---------+              |  |
       |  +----------------------------------------------------+  |

              Figure 5 Transactions, Actions and Commands

   Transactions are presented as TransactionRequests.  Corresponding
   responses to a TransactionRequest are received in a single reply,
   possibly preceded by a number of TransactionPending messages (see
   section 8.2.3).

   Transactions guarantee ordered Command processing.  That is, Commands
   within a Transaction are executed sequentially. Ordering of
   Transactions is NOT guaranteed - transactions may be executed in any
   order, or simultaneously.

   At the first failing Command in a Transaction, processing of the
   remaining Commands in that Transaction stops.  If a command contains
   a wildcarded TerminationID, the command is attempted with each of the
   actual TerminationIDs matching the wildcard.  A response within the
   TransactionReply is included for each matching TerminationID, even if
   one or more instances generated an error.  If any TerminationID
   matching a wildcard results in an error when executed, any commands
   following the wildcarded command are not attempted.  Commands may be
   marked as "Optional" which can override this behaviour -  if a

Top      Up      ToC       Page 58 
   command marked as Optional results in an error, subsequent commands
   in the Transaction will be executed.  A TransactionReply includes the
   results for all of the Commands in the corresponding
   TransactionRequest.  The TransactionReply includes the return values
   for the Commands that were executed successfully, and the Command and
   error descriptor for any Command that failed.  TransactionPending is
   used to periodically notify the receiver that a Transaction has not
   completed yet, but is actively being processed.

   Applications SHOULD implement an application level timer per
   transaction.  Expiration of the timer should cause a retransmission
   of the request.  Receipt of a Reply should cancel the timer.  Receipt
   of Pending should restart the timer.

8.1 Common Parameters

8.1.1 Transaction Identifiers

   Transactions are identified by a TransactionID, which is assigned by
   sender and is unique within the scope of the sender.

8.1.2 Context Identifiers

   Contexts are identified by a ContextID, which is assigned by the
   Media Gateway and is unique within the scope of the Media Gateway.
   The Media Gateway Controller shall use the ContextID supplied by the
   Media Gateway in all subsequent Transactions relating to that
   Context.  The protocol makes reference to a distinguished value that
   may be used by the Media Gateway Controller when referring to a
   Termination that is currently not associated with a Context, namely
   the null ContextID.

   The CHOOSE wildcard is used to request that the Media Gateway create
   a new Context.  The MGC shall not use partially specified ContextIDs
   containing the CHOOSE wildcard.

   The MGC may use the ALL wildcard to address all Contexts on the MG.

8.2 Transaction Application Programming Interface

   Following is an Application Programming Interface (API) describing
   the Transactions of the protocol.  This API is shown to illustrate
   the Transactions and their parameters and is not intended to specify
   implementation (e.g. via use of blocking function calls).  It will
   describe the input parameters and return values expected to be used
   by the various Transactions of the protocol from a very high level.
   Transaction syntax and encodings are specified in later subsections.

Top      Up      ToC       Page 59 
8.2.1 TransactionRequest

   The TransactionRequest is invoked by the sender.  There is one
   Transaction per request invocation.  A request contains one or more
   Actions, each of which specifies its target Context and one or more
   Commands per Context.

       TransactionRequest(TransactionId {
              ContextID {Command _ Command},
                               . . .
              ContextID  {Command _ Command } })

   The TransactionID parameter must specify a value for later
   correlation with the TransactionReply or TransactionPending response
   from the receiver.

   The ContextID parameter must specify a value to pertain to all
   Commands that follow up to either the next specification of a
   ContextID parameter or the end of the TransactionRequest, whichever
   comes first.

   The Command parameter represents one of the Commands mentioned in the
   "Command Details" subsection titled "Application Programming

8.2.2 TransactionReply

   The TransactionReply is invoked by the receiver.  There is one reply
   invocation per transaction.  A reply contains one or more Actions,
   each of which must specify its target Context and one or more
   Responses per Context.

        TransactionReply(TransactionID {
                ContextID { Response _ Response },
                                . . .
                ContextID { Response _ Response } })

   The TransactionID parameter must be the same as that of the
   corresponding TransactionRequest.

   The ContextID parameter must specify a value to pertain to all
   Responses for the action.  The ContextID may be specific or null.

   Each of the Response parameters represents a return value as
   mentioned in section 7.2, or an error descriptor if the command
   execution encountered an error. Commands after the point of failure
   are not processed and, therefore, Responses are not issued for them.

Top      Up      ToC       Page 60 
   An exception to this occurs if a command has been marked as optional
   in the Transaction request. If the optional command  generates an
   error, the transaction still continues to execute, so the Reply
   would, in this case, have Responses after an Error.

   If the receiver encounters an error in processing a ContextID, the
   requested Action response will consist of the context ID and a single
   error descriptor, 422 Syntax Error in Action.

   If the receiver encounters an error such that it cannot determine a
   legal Action, it will return a TransactionReply consisting of the
   TransactionID and a single error descriptor, 422 Syntax Error in
   Action. If the end of an action cannot be reliably determined but one
   or more Actions can be parsed, it will process them and then send 422
   Syntax Error in Action as the last action for the transaction.  If
   the receiver encounters an error such that is cannot determine a
   legal Transaction, it will return a TransactionReply with a null
   TransactionID and a single error descriptor (403 Syntax Error in

   If the end of a transaction can not be reliably determined and one or
   more Actions can be parsed, it will process them and then return 403
   Syntax Error in Transaction as the last action reply for the
   transaction.  If no Actions can be parsed, it will return 403 Syntax
   Error in Transaction as the only reply

   If the terminationID cannot be reliably determined it will send 442
   Syntax Error in Command as the action reply.

   If the end of a command cannot be reliably determined it will return
   442 Syntax Error in Transaction as the reply to the last action it
   can parse.

8.2.3 TransactionPending

   The receiver invokes the TransactionPending.  A TransactionPending
   indicates that the Transaction is actively being processed, but has
   not been completed.  It is used to prevent the sender from assuming
   the TransactionRequest was lost where the Transaction will take some
   time to complete.

        TransactionPending(TransactionID { } )

   The TransactionID parameter must be the same as that of the
   corresponding TransactionRequest.  A property of root
   (normalMGExecutionTime) is settable by the MGC to indicate the
   interval within which the MGC expects a response to any transaction
   from the MG.  Another property (normalMGCExecutionTime) is settable

Top      Up      ToC       Page 61 
   by the MGC to indicate the interval within which the MG should
   expects a response to any transaction from the MGC.  Senders may
   receive more than one TransactionPending for a command.  If a
   duplicate request is received when pending, the responder may send a
   duplicate pending immediately, or continue waiting for its timer to
   trigger another Transaction Pending.

8.3 Messages

   Multiple Transactions can be concatenated into a Message.  Messages
   have a header, which includes the identity of the sender. The Message
   Identifier (MID) of a message is set to a provisioned name (e.g.
   domain address/domain name/device name) of the entity transmitting
   the message.  Domain name is a suggested default.

   Every Message contains a Version Number identifying the version of
   the protocol the message conforms to.  Versions consist of one or two
   digits, beginning with version 1 for the present version of the

   The transactions in a message are treated independently.  There is no
   order implied, there is no application or protocol acknowledgement of
   a message.


   The transport mechanism for the protocol should allow the reliable
   transport of transactions between an MGC and MG. The transport shall
   remain independent of what particular commands are being sent and
   shall be applicable to all application states.  There are several
   transports defined for the protocol, which are defined in normative
   Annexes to this document.  Additional Transports may be defined as
   additional annexes in subsequent editions of this document, or in
   separate documents.  For transport of the protocol over IP, MGCs
   shall implement both TCP and UDP/ALF, an MG shall implement TCP or
   UDP/ALF or both.

   The MG is provisioned with a name or address (such as DNS name or IP
   address) of a primary and zero or more secondary MGCs (see section
   7.2.8) that is the address the MG uses to send messages to the MGC.
   If TCP or UDP is used as the protocol transport and the port to which
   the initial ServiceChange request is to be sent is not otherwise
   known, that request should be sent to the default port number for the
   protocol.  This port number is 2944 for text-encoded operation or
   2945 for binary-encoded operation, for either UDP or TCP.  The MGC
   receives the message containing the ServiceChange request from the MG
   and can determine the MG's address from it.  As described in section
   7.2.8, either the MG or the MGC may supply an address in the

Top      Up      ToC       Page 62 
   ServiceChangeAddress parameter to which subsequent transaction
   requests must be addressed, but responses (including the response to
   the initial ServiceChange request) must always be sent back to the
   address which was the source of the corresponding request.

9.1 Ordering of Commands

   This document does not mandate that the underlying transport protocol
   guarantees the sequencing of transactions sent to an entity.  This
   property tends to maximize the timeliness of actions, but it has a
   few drawbacks.  For example:

    .  Notify commands may be delayed and arrive at the MGC after the
       transmission of a new command changing the EventsDescriptor

    .  If a new command is transmitted before a previous one is
       acknowledged, there is no guarantee that prior command will be
       executed before the new one.

   Media Gateway Controllers that want to guarantee consistent operation
   of the Media Gateway may use the following rules.  These rules are
   with respect to commands that are in different transactions.
   Commands that are in the same transaction are executed in order (see
   section 8).

   1. When a Media Gateway handles several Terminations, commands
      pertaining to the different Terminations may be sent in parallel,
      for example following a model where each Termination (or group of
      Terminations) is controlled by its own process or its own thread.

   2. On a Termination, there should normally be at most one outstanding
      command (Add or Modify or Move), unless the outstanding commands
      are in the same transaction.  However, a Subtract command may be
      issued at any time.  In consequence, a Media Gateway may sometimes
      receive a Modify command that applies to a previously subtracted
      Termination.  Such commands should be ignored, and an error code
      should be returned.

   3. On a given Termination, there should normally be at most one
      outstanding Notify command at any time.

   4. In some cases, an implicitly or explicitly wildcarded Subtract
      command that applies to a group of Terminations may step in front
      of a pending Add command.  The Media Gateway Controller should
      individually delete all Terminations for which an Add command was
      pending at the time of the global Subtract command.  Also, new Add

Top      Up      ToC       Page 63 
      commands for Terminations named by the wild-carding (or implied in
      a Multiplex descriptor) should not be sent until the wild-carded
      Subtract command is acknowledged.

   5. AuditValue and AuditCapability are not subject to any sequencing.

   6. ServiceChange shall always be the first command sent by a MG as
      defined by the restart procedure. Any other command or response
      must be delivered after this ServiceChange command.

   These rules do not affect the command responder, which should always
   respond to commands.

9.2 Protection against Restart Avalanche

   In the event that a large number of Media Gateways are powered on
   simultaneously and they were to all initiate a ServiceChange
   transaction, the Media Gateway Controller would very likely be
   swamped, leading to message losses and network congestion during the
   critical period of service restoration. In order to prevent such
   avalanches, the following behavior is suggested:

   1. When a Media Gateway is powered on, it should initiate a restart
      timer to a random value, uniformly distributed between 0 and a
      maximum waiting delay (MWD). Care should be taken to avoid
      synchronicity of the random number generation between multiple
      Media Gateways that would use the same algorithm.

   2. The Media Gateway should then wait for either the end of this
      timer or the detection of a local user activity, such as for
      example an off-hook transition on a residential Media Gateway.

   3. When the timer elapses, or when an activity is detected, the Media
      Gateway should initiate the restart procedure.

   The restart procedure simply requires the MG to guarantee that the
   first message that the Media Gateway Controller sees from this MG is
   a ServiceChange message informing the Media Gateway Controller about
   the restart.

   Note -  The value of MWD is a configuration parameter that depends on
   the type of the Media Gateway. The following reasoning may be used to
   determine the value of this delay on residential gateways.

   Media Gateway Controllers are typically dimensioned to handle the
   peak hour traffic load, during which, in average, 10% of the lines
   will be busy, placing calls whose average duration is typically 3
   minutes.  The processing of a call typically involves 5 to 6 Media

Top      Up      ToC       Page 64 
   Gateway Controller transactions between each Media Gateway and the
   Media Gateway Controller.  This simple calculation shows that the
   Media Gateway Controller is expected to handle 5 to 6 transactions
   for each Termination, every 30 minutes on average, or, to put it
   otherwise, about one transaction per Termination every 5 to 6 minutes
   on average.  This suggests that a reasonable value of MWD for a
   residential gateway would be 10 to 12 minutes.  In the absence of
   explicit configuration, residential gateways should adopt a value of
   600 seconds for MWD.

   The same reasoning suggests that the value of MWD should be much
   shorter for trunking gateways or for business gateways, because they
   handle a large number of Terminations, and also because the usage
   rate of these Terminations is much higher than 10% during the peak
   busy hour, a typical value being 60%.  These Terminations, during the
   peak hour, are this expected to contribute about one transaction per
   minute to the Media Gateway Controller load. A reasonable algorithm
   is to make the value of MWD per "trunk" Termination six times shorter
   than the MWD per residential gateway, and also inversely proportional
   to the number of Terminations that are being restarted. For example
   MWD should be set to 2.5 seconds for a gateway that handles a T1
   line, or to 60 milliseconds for a gateway that handles a T3 line.


   This section covers security when using the protocol in an IP

10.1 Protection of Protocol Connections

   A security mechanism is clearly needed to prevent unauthorized
   entities from using the protocol defined in this document for setting
   up unauthorized calls or interfering with authorized calls.  The
   security mechanism for the protocol when transported over IP networks
   is IPsec [RFC2401 to RFC2411].

   The AH header [RFC2402] affords data origin authentication,
   connectionless integrity and optional anti-replay protection of
   messages passed between the MG and the MGC. The ESP header [RFC2406]
   provides confidentiality of messages, if desired. For instance, the
   ESP encryption service should be requested if the session
   descriptions are used to carry session keys, as defined in SDP.

   Implementations of the protocol defined in this document employing
   the ESP header SHALL comply with section 5 of [RFC2406], which
   defines a minimum set of algorithms for integrity checking and

Top      Up      ToC       Page 65 
   encryption. Similarly, implementations employing the AH header SHALL
   comply with section 5 of [RFC2402], which defines a minimum set of
   algorithms for integrity checking using manual keys.

   Implementations SHOULD use IKE [RFC2409] to permit more robust keying
   options. Implementations employing IKE SHOULD support authentication
   with RSA signatures and RSA public key encryption.

10.2 Interim AH scheme

   Implementation of IPsec requires that the AH or ESP header be
   inserted immediately after the IP header. This cannot be easily done
   at the application level.  Therefore, this presents a deployment
   problem for the protocol defined in this document where the
   underlying network implementation does not support IPsec.

   As an interim solution, an optional AH header is defined within the
   H.248 protocol header. The header fields are exactly those of the
   SPI, SEQUENCE NUMBER and DATA fields as defined in [RFC2402]. The
   semantics of the header fields are the same as the "transport mode"
   of [RFC2402], except for the calculation of the Integrity Check value
   (ICV). In IPsec, the ICV is calculated over the entire IP packet
   including the IP header. This prevents spoofing of the IP addresses.
   To retain the same functionality, the ICV calculation should be
   performed across the entire transaction prepended by a synthesized IP
   header consisting of a 32 bit source IP address, a 32 bit destination
   address and an 16 bit UDP encoded as 10 hex digits.  When the interim
   AH mechanism is employed when TCP is the transport Layer, the UDP
   Port above becomes the TCP port, and all other operations are the

   Implementations of the H.248 protocol SHALL implement IPsec where the
   underlying operating system and the transport network supports IPsec.
   Implementations of the protocol using IPv4 SHALL implement the
   interim AH scheme. However, this interim scheme SHALL NOT be used
   when the underlying network layer supports IPsec. IPv6
   implementations are assumed to support IPsec and SHALL NOT use the
   interim AH scheme.

   All implementations of the interim AH mechanism SHALL comply with
   section 5 of [RFC2402] which defines a minimum set of algorithms for
   integrity checking using manual keys.

   The interim AH interim scheme does not provide protection against
   eavesdropping; thus forbidding third parties from monitoring the
   connections set up by a given termination. Also, it does not provide
   protection against replay attacks.  These procedures do not
   necessarily protect against denial of service attacks by misbehaving

Top      Up      ToC       Page 66 
   MGs or misbehaving MGCs. However, they will provide an identification
   of these misbehaving entities, which should then be deprived of their
   authorization through maintenance procedures.

10.3 Protection of Media Connections

   The protocol allows the MGC to provide MGs with "session keys" that
   can be used to encrypt the audio messages, protecting against

   A specific problem of packet networks is "uncontrolled barge-in".
   This attack can be performed by directing media packets to the IP
   address and UDP port used by a connection. If no protection is
   implemented, the packets must be decompressed and the signals must be
   played on the "line side".

   A basic protection against this attack is to only accept packets from
   known sources, checking for example that the IP source address and
   UDP source port match the values announced in the Remote Descriptor.
   This has two inconveniences: it slows down connection establishment
   and it can be fooled by source spoofing:

    .  To enable the address-based protection, the MGC must obtain the
       remote session description of the egress MG and pass it to the
       ingress MG.  This requires at least one network roundtrip, and
       leaves us with a dilemma: either allow the call to proceed
       without waiting for the round trip to complete, and risk for
       example, "clipping" a remote announcement, or wait for the full
       roundtrip and settle for slower call-set-up procedures.

    .  Source spoofing is only effective if the attacker can obtain
       valid pairs of source destination addresses and ports, for
       example by listening to a fraction of the traffic. To fight
       source spoofing, one could try to control all access points to
       the network.  But this is in practice very hard to achieve.

   An alternative to checking the source address is to encrypt and
   authenticate the packets, using a secret key that is conveyed during
   the call set-up procedure. This will not slow down the call set-up,
   and provides strong protection against address spoofing.


   The control association between MG and MGC is initiated at MG cold
   start, and announced by a ServiceChange message, but can be changed
   by subsequent events, such as failures or manual service events.
   While the protocol does not have an explicit mechanism to support

Top      Up      ToC       Page 67 
   multiple MGCs controlling a physical MG, it has been designed to
   support the multiple logical MG (within a single physical MG) that
   can be associated with different MGCs.

11.1 Multiple Virtual MGs

   A physical Media Gateway may be partitioned into one or more Virtual
   MGs.  A virtual MG consists of a set of statically partitioned
   physical Terminations and/or sets of ephemeral Terminations.  A
   physical Termination is controlled by one MGC.  The model does not
   require that other resources be statically allocated, just
   Terminations.  The mechanism for allocating Terminations to virtual
   MGs is a management method outside the scope of the protocol.  Each
   of the virtual MGs appears to the MGC as a complete MG client.

   A physical MG may have only one network interface, which must be
   shared across virtual MGs.  In such a case, the packet/cell side
   Termination is shared.  It should be noted however, that in use, such
   interfaces require an ephemeral instance of the Termination to be
   created per flow, and thus sharing the Termination is
   straightforward.  This mechanism does lead to a complication, namely
   that the MG must always know which of its controlling MGCs should be
   notified if an event occurs on the interface.

   In normal operation, the Virtual MG will be instructed by the MGC to
   create network flows (if it is the originating side), or to expect
   flow requests (if it is the terminating side), and no confusion will
   arise.  However, if an unexpected event occurs, the Virtual MG must
   know what to do with respect to the physical resources it is

   If recovering from the event requires manipulation of a physical
   interface's state, only one MGC should do so.  These issues are
   resolved by allowing any of the MGCs to create EventsDescriptors to
   be notified of such events, but only one MGC can have read/write
   access to the physical interface properties; all other MGCs have
   read-only access.  The management mechanism is used to designate
   which MGC has read/write capability, and is designated the Master

   Each virtual MG has its own Root Termination.  In most cases the
   values for the properties of the Root Termination are independently
   settable by each MGC.  Where there can only be one value, the
   parameter is read-only to all but the Master MGC.

   ServiceChange may only be applied to a Termination or set of
   Terminations partitioned to the Virtual MG or created (in the case of
   ephemeral Terminations) by that Virtual MG.

Top      Up      ToC       Page 68 
11.2 Cold Start

   A MG is pre-provisioned by a management mechanism outside the scope
   of this protocol with a Primary and (optionally) an ordered list of
   Secondary MGCs.  Upon a cold start of the MG, it will issue a
   ServiceChange command with a "Restart" method, on the Root
   Termination to its primary MGC.  If the MGC accepts the MG, it will
   send a Transaction Accept, with the ServiceChangeMgcId set to itself.
   If the MG receives an ServiceChangeMgcId not equal to the MGC it
   contacted, it sends a ServiceChange to the MGC specified in the
   ServiceChangeMgcId.  It continues this process until it gets a
   controlling MGC to accept its registration, or it fails to get a
   reply.  Upon failure to obtain a reply, either from the Primary MGC,
   or a designated successor, the MG tries its pre-provisioned Secondary
   MGCs, in order.  If the MG is unable to comply and it has established
   a transport connection to the MGC, it should close that connection.
   In any event, it should reject all subsequent requests from the MGC
   with Error 406 Version Not Supported.

   It is possible that the reply to a ServiceChange with Restart will be
   lost, and a command will be received by the MG prior to the receipt
   of the ServiceChange response.  The MG shall issue error 505 -
   Command Received before Restart Response.

11.3 Negotiation of Protocol Version

   The first ServiceChange command from an MG shall contain the version
   number of the protocol supported by the MG in the
   ServiceChangeVersion parameter. Upon receiving such a message, if the
   MGC supports only a lower version, then the MGC shall send a
   ServiceChangeReply with the lower version and thereafter all the
   messages between MG and MGC shall conform to the lower version of the
   protocol.  If the MG is unable to comply and it has established a
   transport connection to the MGC, it should close that connection.  In
   any event, it should reject all subsequent requests from the MGC with
   Error 406 Version Not supported.

   If the MGC supports a higher version than the MG but is able to
   support the lower version proposed by the MG, it shall send a
   ServiceChangeReply with the lower version and thereafter all the
   messages between MG and MGC shall conform to the lower version of the
   protocol. If the MGC is unable to comply, it shall reject the
   association, with Error 406 Version Not Supported.

   Protocol version negotiation may also occur at "handoff" and
   "failover" ServiceChanges.

Top      Up      ToC       Page 69 
   When extending the protocol with new versions, the following rules
   should be followed.

   1. Existing protocol elements, i.e., procedures, parameters,
      descriptor, property,  values, should not be changed unless a
      protocol error needs to be corrected or it becomes necessary to
      change the operation of the service that is being supported by the

   2. The semantics of a command, a parameter, descriptor, property,
      value should not be changed.

   3. Established rules for formatting and encoding messages and
      parameters should not be modified.

   4. When information elements are found to be obsolete they can be
      marked as not used. However, the identifier for that information
      element will be marked as reserved. In that way it can not be used
      in future versions.

11.4 Failure of an MG

   If a MG fails, but is capable of sending a message to the MGC, it
   sends a ServiceChange with an appropriate method (graceful or forced)
   and specifies the Root TerminationID.  When it returns to service, it
   sends a ServiceChange with a "Restart" method.

   Allowing the MGC to send duplicate messages to both MGs accommodates
   pairs of MGs that are capable of redundant failover of one of the
   MGs.  Only the Working MG shall accept or reject transactions.  Upon
   failover, the Primary MG sends a ServiceChange command with a
   "Failover" method and a "MG Impending Failure" reason.  The MGC then
   uses the primary MG as the active MG.  When the error condition is
   repaired, the Working MG can send a "ServiceChange" with a "Restart"

11.5 Failure of an MGC

   If the MG detects a failure of its controlling MGC, it attempts to
   contact the next MGC on its pre-provisioned list.  It starts its
   attempts at the beginning (Primary MGC), unless that was the MGC that
   failed, in which case it starts at its first Secondary MGC.  It sends
   a ServiceChange message with a "Failover" method and a " MGC
   Impending Failure" reason.

   In partial failure, or manual maintenance reasons, an MGC may wish to
   direct its controlled MGs to use a different MGC.  To do so, it sends
   a ServiceChange method to the MG with a "HandOff" method, and its

Top      Up      ToC       Page 70 
   designated replacement in ServiceChangeMgcId. The MG should send a
   ServiceChange message with a "Handoff" method and a "MGC directed
   change" reason to the designated MGC.  If it fails to get a reply, or
   fails to see an Audit command subsequently, it should behave as if
   its MGC failed, and start contacting secondary MGCs.  If the MG is
   unable to establish a control relationship with any MGC, it shall
   wait a random amount of time as described in section 9.2 and then
   start contacting its primary, and if necessary, its secondary MGCs

   No recommendation is made on how the MGCs involved in the Handoff
   maintain state information; this is considered to be out of scope of
   this recommendation. The MGC and MG may take the following steps when
   Handoff occurs.  When the MGC initiates a HandOff, the handover
   should be transparent to Operations on the Media Gateway.
   Transactions can be executed in any order, and could be in progress
   when the ServiceChange is executed.  Accordingly, commands in
   progress continue, transaction replies are sent to the new MGC (after
   a new control association is established), and the MG should expect
   outstanding transaction replies from the new MGC.  No new messages
   shall be sent to the new MGC until the control association is
   established.  Repeated transaction requests shall be directed to the
   new MGC.  The MG shall maintain state on all terminations and

   It is possible that the MGC could be implemented in such a way that a
   failed MGC is replaced by a working MGC where the identity of the new
   MGC is the same as the failed one.  In such a case,
   ServiceChangeMgcId would be specified with the previous value and the
   MG shall behave as if the value was changed, and send a ServiceChange
   message, as above.

   Pairs of MGCs that are capable of redundant failover can notify the
   controlled MGs of the failover by the above mechanism.


   The primary mechanism for extension is by means of Packages.
   Packages define additional Properties, Events, Signals and Statistics
   that may occur on Terminations.

   Packages defined by IETF will appear in separate RFCs.

   Packages defined by ITU-T may appear in the relevant recommendations
   (e.g. as annexes).

Top      Up      ToC       Page 71 
   1. A public document or a standard forum document, which can be
      referenced as the document that describes the package following
      the guideline above, should be specified.

   2. The document shall specify the version of the Package that it

   3. The document should be available on a public web server and should
      have a stable URL. The site should provide a mechanism to provide
      comments and appropriate responses should be returned.

12.1 Guidelines for defining packages

   Packages define Properties, Events, Signals, and Statistics.

   Packages may also define new error codes according to the guidelines
   given in section 13.2. This is a matter of documentary convenience:
   the package documentation is submitted to IANA in support of the
   error code registration. If a package is modified, it is unnecessary
   to provide IANA with a new document reference in support of the error
   code unless the description of the error code itself is modified.

   Names of all such defined constructs shall consist of the PackageID
   (which uniquely identifies the package) and the ID of the item (which
   uniquely identifies the item in that package).  In the text encoding
   the two shall be separated by a forward slash ("/") character.
   Example: togen/playtone is the text encoding to refer to the play
   tone signal in the tone generation package.

   A Package will contain the following sections:

12.1.1 Package

   Overall description of the package, specifying:

    .  Package Name: only descriptive,
    .  PackageID:  Is an identifier
    .  Description:
    .  Version: A new version of a package can only add additional
       Properties, Events, Signals, Statistics and new possible values
       for an existing parameter described in the original package. No
       deletions or modifications shall be allowed. A version is  an
       integer in the range from 1 to 99.

    .  Extends (Optional): A package may extend an existing package. The
       version of the original package must be specified. When a package
       extends another package it shall only add additional Properties,
       Events, Signals, Statistics and new possible values for an

Top      Up      ToC       Page 72 
       existing parameter described in the original package. An extended
       package shall not redefine or overload a name defined in the
       original package.  Hence, if package B version 1 extends package A
       version 1, version 2 of B will not be able to extend the A version
       2 if A version 2 defines a name already in B version 1.

12.1.2 Properties

   Properties defined by the package, specifying:

    .  Property Name: only descriptive.
    .  PropertyID:  Is an identifier
    .  Description:
    .  Type: One of:
          String: UTF-8 string
          Integer: 4 byte signed integer
          Double: 8 byte signed integer
          Character: Unicode UTF-8 encoding of a single letter.
                  Could be more than one octet.
          Enumeration: One of a list of possible unique values (See 12.3)
          Sub-list: A list of several values from a list

    .  Possible Values:
    .  Defined in: Which H.248 descriptor the property is defined in.
       LocalControl is for stream dependent properties. TerminationState
       is for stream independent properties.

    .  Characteristics: Read / Write or both, and (optionally), global:
       Indicates whether a property is read-only, or read-write, and if
       it is global.  If Global is omitted, the property is not global.
       If a property is declared as global, the value of the property is
       shared by all terminations realizing the package.

12.1.3 Events

   Events defined by the package, specifying:

    .  Event name: only descriptive.
    .  EventID:  Is an identifier
    .  Description:
    .  EventsDescriptor Parameters: Parameters used by the MGC to
       configure the event, and found in the EventsDescriptor.  See
       section 12.2.

Top      Up      ToC       Page 73 
    .  ObservedEventsDescriptor Parameters: Parameters returned to the
       MGC in  Notify requests and in replies to command requests from
       the MGC that audit ObservedEventsDescriptor, and found in the
       ObservedEventsDescriptor.  See section 12.2.

12.1.4 Signals

    .  Signals defined by the package, specifying:
    .  Signal Name: only descriptive.
    .  SignalID:  Is an identifier. SignalID is used in a
    .  Description
    .  SignalType: One of:
           - OO (On/Off)
           - TO (TimeOut)
           - BR (Brief)

   Note -  SignalType may be defined such that it is dependent on the
   value of one or more parameters. Signals that would be played with
   SignalType BR should have a default duration. The package has to
   define the default duration and signalType.

    .  Duration: in hundredths of seconds
    .  Additional Parameters: See section 12.2

12.1.5 Statistics

   Statistics defined by the package, specifying:

    .  Statistic name: only descriptive.
    .  StatisticID:  Is an identifier.  StatisticID is used in a
    .  Description
    .  Units: unit of measure, e.g. milliseconds, packets.

12.1.6 Procedures

   Additional guidance on the use of the package.

12.2 Guidelines to defining Properties, Statistics and Parameters to
     Events and Signals.

    . Parameter Name: only descriptive
    . ParameterID: Is an identifier
    . Type: One of:
         String: UTF-8 octet string
         Integer: 4 octet signed integer
         Double: 8 octet signed integer

Top      Up      ToC       Page 74 
         Character: Unicode UTF-8 encoding of a single letter. Could be
         more than one octet.
         Enumeration: One of a list of possible unique values (See 12.3)
         Sub-list: A list of several values from a list

    . Possible values:
    . Description:

12.3 Lists

   Possible values for parameters include enumerations.  Enumerations
   may be defined in a list.  It is recommended that the list be IANA
   registered so that packages that extend the list can be defined
   without concern for conflicting names.

12.4 Identifiers

   Identifiers in text encoding shall be strings of up to 64 characters,
   containing no spaces, starting with an alphanumeric character and
   consisting of alphanumeric characters and / or digits, and possibly
   including the special character underscore ("_").

   Identifiers in binary encoding are 2 octets long.

   Both text and binary values shall be specified for each identifier,
   including identifiers used as values in enumerated types.

12.5 Package Registration

   A package can be registered with IANA for interoperability reasons.
   See section 13 for IANA considerations.


13.1 Packages

   The following considerations SHALL be met to register a package with

   1. A unique string name, unique serial number and version number is
      registered for each package.  The string name is used with text
      encoding.  The serial number shall be used with binary encoding.
      Serial Numbers 60000-64565 are reserved for private use. Serial
      number 0 is reserved.

Top      Up      ToC       Page 75 
   2. A contact name, email and postal addresses for that contact shall
      be specified.  The contact information shall be updated by the
      defining organization as necessary.

   3. A reference to a document that describes the package, which should
      be public:

      The document shall specify the version of the Package that it

      If the document is public, it should be located on a public web
      server and should have a stable URL. The site should provide a
      mechanism to provide comments and appropriate responses should be

   4. Packages registered by other than recognized standards bodies
      shall have a minimum package name length of 8 characters.

   5. All other package names are first come-first served if all other
      conditions are met

13.2 Error Codes

   The following considerations SHALL be met to register an error code
   with IANA:

   1. An error number and a one line (80 character maximum) string is
      registered for each error.

   2. A complete description of the conditions under which the error is
      detected shall be included in a publicly available document.  The
      description shall be sufficiently clear to differentiate the error
      from all other existing error codes.

   3. The document should be available on a public web server and should
      have a stable URL.

   4. Error numbers registered by recognized standards bodies shall have
      3 or 4 character error numbers.

   5. Error numbers registered by all other organizations or individuals
      shall have 4 character error numbers.

   6. An error number shall not be redefined, nor modified except by the
      organization or individual that originally defined it, or their
      successors or assigns.

Top      Up      ToC       Page 76 
13.3 ServiceChange Reasons

   The following considerations SHALL be met to register service change
   reason with IANA:

   1. A one phrase, 80-character maximum, unique reason code is
      registered for each reason.

   2. A complete description of the conditions under which the reason is
      used is detected shall be included in a publicly available
      document.  The description shall be sufficiently clear to
      differentiate the reason from all other existing reasons.

   3. The document should be available on a public web server and should
      have a stable URL.

Next RFC Part